revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-03-13 12:54:53 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/phortune/provider/PhortunePayPalPaymentProvider.php

358 lines
10 KiB
PHP
Raw Normal View History

Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
<?php
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
final class PhortunePayPalPaymentProvider extends PhortunePaymentProvider {
const PAYPAL_API_USERNAME = 'paypal.api-username';
const PAYPAL_API_PASSWORD = 'paypal.api-password';
const PAYPAL_API_SIGNATURE = 'paypal.api-signature';
const PAYPAL_MODE = 'paypal.mode';
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
public function isEnabled() {
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
// TODO: See note in processControllerRequest().
return false;
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
return $this->getPaypalAPIUsername() &&
$this->getPaypalAPIPassword() &&
$this->getPaypalAPISignature();
}
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
public function getName() {
return pht('PayPal');
}
public function getConfigureName() {
return pht('Add PayPal Payments Account');
}
public function getConfigureDescription() {
return pht(
'Allows you to accept various payment instruments with a paypal.com '.
'account.');
}
public function getConfigureInstructions() {
return pht(
"To configure PayPal, register or log into an existing account on ".
"[[https://paypal.com | paypal.com]] (for live payments) or ".
"[[https://sandbox.paypal.com | sandbox.paypal.com]] (for test ".
"payments). Once logged in:\n\n".
" - Navigate to {nav Tools > API Access}.\n".
" - Choose **View API Signature**.\n".
" - Copy the **API Username**, **API Password** and **Signature** ".
" into the fields above.\n\n".
"You can select whether the provider operates in test mode or ".
"accepts live payments using the **Mode** dropdown above.\n\n".
"You can either use `sandbox.paypal.com` to retrieve live credentials, ".
"or `paypal.com` to retrieve live credentials.");
}
public function getAllConfigurableProperties() {
return array(
self::PAYPAL_API_USERNAME,
self::PAYPAL_API_PASSWORD,
self::PAYPAL_API_SIGNATURE,
self::PAYPAL_MODE,
);
}
public function getAllConfigurableSecretProperties() {
return array(
self::PAYPAL_API_PASSWORD,
self::PAYPAL_API_SIGNATURE,
);
}
public function processEditForm(
AphrontRequest $request,
array $values) {
$errors = array();
$issues = array();
if (!strlen($values[self::PAYPAL_API_USERNAME])) {
$errors[] = pht('PayPal API Username is required.');
$issues[self::PAYPAL_API_USERNAME] = pht('Required');
}
if (!strlen($values[self::PAYPAL_API_PASSWORD])) {
$errors[] = pht('PayPal API Password is required.');
$issues[self::PAYPAL_API_PASSWORD] = pht('Required');
}
if (!strlen($values[self::PAYPAL_API_SIGNATURE])) {
$errors[] = pht('PayPal API Signature is required.');
$issues[self::PAYPAL_API_SIGNATURE] = pht('Required');
}
if (!strlen($values[self::PAYPAL_MODE])) {
$errors[] = pht('Mode is required.');
$issues[self::PAYPAL_MODE] = pht('Required');
}
return array($errors, $issues, $values);
}
public function extendEditForm(
AphrontRequest $request,
AphrontFormView $form,
array $values,
array $issues) {
$form
->appendChild(
id(new AphrontFormTextControl())
->setName(self::PAYPAL_API_USERNAME)
->setValue($values[self::PAYPAL_API_USERNAME])
->setError(idx($issues, self::PAYPAL_API_USERNAME, true))
->setLabel(pht('Paypal API Username')))
->appendChild(
id(new AphrontFormTextControl())
->setName(self::PAYPAL_API_PASSWORD)
->setValue($values[self::PAYPAL_API_PASSWORD])
->setError(idx($issues, self::PAYPAL_API_PASSWORD, true))
->setLabel(pht('Paypal API Password')))
->appendChild(
id(new AphrontFormTextControl())
->setName(self::PAYPAL_API_SIGNATURE)
->setValue($values[self::PAYPAL_API_SIGNATURE])
->setError(idx($issues, self::PAYPAL_API_SIGNATURE, true))
->setLabel(pht('Paypal API Signature')))
->appendChild(
id(new AphrontFormSelectControl())
->setName(self::PAYPAL_MODE)
->setValue($values[self::PAYPAL_MODE])
->setError(idx($issues, self::PAYPAL_MODE))
->setLabel(pht('Mode'))
->setOptions(
array(
'test' => pht('Test Mode'),
'live' => pht('Live Mode'),
)));
return;
}
public function canRunConfigurationTest() {
return true;
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
public function runConfigurationTest() {
$result = $this
->newPaypalAPICall()
->setRawPayPalQuery('GetBalance', array())
->resolve();
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
public function getPaymentMethodDescription() {
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
return pht('Credit Card or PayPal Account');
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
public function getPaymentMethodIcon() {
Use real icons for payment providers Summary: Ref T2787. Uses the real icons. Straightens out the add payment flow a tiny bit. Test Plan: {F214922} Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10654
2014-10-07 15:07:01 -07:00
return 'PayPal';
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
public function getPaymentMethodProviderDescription() {
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
return 'PayPal';
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
protected function executeCharge(
PhortunePaymentMethod $payment_method,
PhortuneCharge $charge) {
Change double quotes to single quotes. Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected. Test Plan: Eyeballed it. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley, Korvin, hach-que Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:49 -07:00
throw new Exception('!');
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
private function getPaypalAPIUsername() {
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
return $this
->getProviderConfig()
->getMetadataValue(self::PAYPAL_API_USERNAME);
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
private function getPaypalAPIPassword() {
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
return $this
->getProviderConfig()
->getMetadataValue(self::PAYPAL_API_PASSWORD);
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
private function getPaypalAPISignature() {
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
return $this
->getProviderConfig()
->getMetadataValue(self::PAYPAL_API_SIGNATURE);
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
/* -( One-Time Payments )-------------------------------------------------- */
public function canProcessOneTimePayments() {
return true;
}
/* -( Controllers )-------------------------------------------------------- */
public function canRespondToControllerAction($action) {
switch ($action) {
case 'checkout':
case 'charge':
case 'cancel':
return true;
}
return parent::canRespondToControllerAction();
}
public function processControllerRequest(
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
PhortuneProviderActionController $controller,
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
AphrontRequest $request) {
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
$viewer = $request->getUser();
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
$cart = $controller->loadCart($request->getInt('cartID'));
if (!$cart) {
return new Aphront404Response();
}
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
$charge = $controller->loadActiveCharge($cart);
switch ($controller->getAction()) {
case 'checkout':
if ($charge) {
throw new Exception(pht('Cart is already charging!'));
}
break;
case 'charge':
case 'cancel':
if (!$charge) {
throw new Exception(pht('Cart is not charging yet!'));
}
break;
}
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
switch ($controller->getAction()) {
case 'checkout':
$return_uri = $this->getControllerURI(
'charge',
array(
'cartID' => $cart->getID(),
));
$cancel_uri = $this->getControllerURI(
'cancel',
array(
'cartID' => $cart->getID(),
));
Make Currency a more formal type Summary: Ref T2787. Phortune currently stores a bunch of stuff as `...inUSDCents`. This ends up being pretty cumbersome and I worry it will create a huge headache down the road (and possibly not that far off if we do Coinbase/Bitcoin soon). Even now, it's more of a pain than I figured it would be. Instead: - Provide an application-level serialization mechanism. - Provide currency serialization. - Store currency in an abstract way (currently, as "1.23 USD") that can handle currencies in the future. - Change all `...inUSDCents` to `..asCurrency`. - This generally simplifies all the application code. - Also remove some columns which don't make sense or don't make sense anymore. Notably, `Product` is going to get more abstract and mostly be provided by applications. Test Plan: - Created a new product. - Purchased a product. - Backed an initiative. - Ran unit tests. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10633
2014-10-06 10:26:48 -07:00
$price = $cart->getTotalPriceAsCurrency();
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
$charge = $cart->willApplyCharge($viewer, $this);
$params = array(
'PAYMENTREQUEST_0_AMT' => $price->formatBareValue(),
'PAYMENTREQUEST_0_CURRENCYCODE' => $price->getCurrency(),
'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale',
'PAYMENTREQUEST_0_CUSTOM' => $charge->getPHID(),
'RETURNURL' => $return_uri,
'CANCELURL' => $cancel_uri,
// TODO: This should be cart-dependent if we eventually support
// physical goods.
'NOSHIPPING' => '1',
);
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
$result = $this
->newPaypalAPICall()
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
->setRawPayPalQuery('SetExpressCheckout', $params)
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
->resolve();
$uri = new PhutilURI('https://www.sandbox.paypal.com/cgi-bin/webscr');
$uri->setQueryParams(
array(
'cmd' => '_express-checkout',
'token' => $result['TOKEN'],
));
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
$cart->setMetadataValue('provider.checkoutURI', $uri);
$cart->save();
$charge->setMetadataValue('paypal.token', $result['TOKEN']);
$charge->save();
Be more strict about "Location:" redirects Summary: Via HackerOne. Chrome (at least) interprets backslashes like forward slashes, so a redirect to "/\evil.com" is the same as a redirect to "//evil.com". - Reject local URIs with backslashes (we never generate these). - Fully-qualify all "Location:" redirects. - Require external redirects to be marked explicitly. Test Plan: - Expanded existing test coverage. - Verified that neither Diffusion nor Phriction can generate URIs with backslashes (they are escaped in Diffusion, and removed by slugging in Phriction). - Logged in with Facebook (OAuth2 submits a form to the external site, and isn't affected) and Twitter (OAuth1 redirects, and is affected). - Went through some local redirects (login, save-an-object). - Verified file still work. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D10291
2014-08-18 14:11:06 -07:00
return id(new AphrontRedirectResponse())
->setIsExternal(true)
->setURI($uri);
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
case 'charge':
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
$token = $request->getStr('token');
$params = array(
'TOKEN' => $token,
);
$result = $this
->newPaypalAPICall()
->setRawPayPalQuery('GetExpressCheckoutDetails', $params)
->resolve();
var_dump($result);
if ($result['CUSTOM'] !== $charge->getPHID()) {
throw new Exception(
pht('Paypal checkout does not match Phortune charge!'));
}
if ($result['CHECKOUTSTATUS'] !== 'PaymentActionNotInitiated') {
throw new Exception(
pht(
'Expected status "%s", got "%s".',
'PaymentActionNotInitiated',
$result['CHECKOUTSTATUS']));
}
$price = $cart->getTotalPriceAsCurrency();
$params = array(
'TOKEN' => $token,
'PAYERID' => $result['PAYERID'],
'PAYMENTREQUEST_0_AMT' => $price->formatBareValue(),
'PAYMENTREQUEST_0_CURRENCYCODE' => $price->getCurrency(),
'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale',
);
$result = $this
->newPaypalAPICall()
->setRawPayPalQuery('DoExpressCheckoutPayment', $params)
->resolve();
// TODO: Paypal can send requests back in "PaymentReview" status,
// and does this for test transactions. We're supposed to hold
// the transaction and poll the API every 6 hours. This is unreasonably
// difficult for now and we can't reasonably just fail these charges.
var_dump($result);
die();
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
break;
case 'cancel':
var_dump($_REQUEST);
break;
}
Disable Phortune Paypal payment provider Summary: Ref T2787. For test charges, Paypal is putting the charge in a "payment review" state. Dealing with this state requires way more infrastructure than other providers: we're supposed to pause delivery, then poll Paypal every 6 hours to see if the review has resolved. Since I can't seem to generate normal test charges, I can't test Paypal for now. Disable it until we have more infrastructure. (This diff gets us further along, up to the point where I hit this issue.) Test Plan: Read documentation, rolled eyes. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10644
2014-10-06 14:51:51 -07:00
throw new Exception(
pht('Unsupported action "%s".', $controller->getAction()));
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
}
private function newPaypalAPICall() {
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
$mode = $this->getProviderConfig()->getMetadataValue(self::PAYPAL_MODE);
if ($mode == 'live') {
$host = 'https://api-3t.paypal.com/nvp';
} else {
$host = 'https://api-3t.sandbox.paypal.com/nvp';
}
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
return id(new PhutilPayPalAPIFuture())
Make payment providers a configurable property of Merchants in Phortune Summary: Ref T2787. Instead of making providers global configuration, make them a thing on merchants with web configuration. Payment methods and some of the pyament workflow needs to be retooled a bit after this, but this seemed like a reasonable cutoff point for this diff. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D10649
2014-10-07 14:41:41 -07:00
->setHost($host)
Add initial cut of PayPal and pay-once-at-checkout providers to Phortune Summary: Paypal doesn't let us capture cards in a PCI-free way like Stripe and Balanced do, but we can provide a "pay with paypal" option at checkout. (For subscriptions, we'll have to invoice monthly to retain control over billing, but this doesn't seem wildly unreasonable.) The bitcoin provider MtGox works in a similar way, as do some other providers we might some day want to implement. This adds: - Hooks to providers so they can offer "pay once at checkout" workflows. - Hooks so providers can have controllers, for redirect-based third-party workflows. - Basic Paypal integration using the "Express Checkout Merchant API", which seems like the best fit for our use case. This only goes as far as shoving the user through the payment flow; we don't actually capture payments yet (paypal has around 35 different APIs, but this one seems to be the only PCI-free one which wouldn't give users an awful experience). This diff is fairly checkpointey, but Phortune doesn't really bill anything yet anyway. Ref T2787. Test Plan: Ran through Paypal sandbox workflow; "paid" for stuff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2787 Differential Revision: https://secure.phabricator.com/D5834
2013-05-06 11:44:24 -07:00
->setAPIUsername($this->getPaypalAPIUsername())
->setAPIPassword($this->getPaypalAPIPassword())
->setAPISignature($this->getPaypalAPISignature());
}
}
Copy permalink